NetBSD-Bugs archive


misc/54020: three patches for ipsec-tools



>Number:         54020
>Category:       misc
>Synopsis:       three patches for ipsec-tools
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    misc-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Feb 26 21:40:00 +0000 2019
>Originator:     Maciej S. Szmigiero
>Release:        
>Organization:
>Environment:
>Description:
I am attaching three patches for ipsec-tools (crypto/dist/ipsec-tools),
since NetBSD is now this package's upstream.

The first one fixes freeing an uninitialized pointer in binbuf_pubkey2rsa()
on the error path.

If we take the first error path (the one where the decoded string doesn't
make sense) in binbuf_pubkey2rsa() we call BN_free() on "exp" so we have
to make sure that we NULL-initialize it.

The second one fixes the ipsec-tools Linux build, a configuration that some
recent code changes have broken.

The third one makes racoon use CLOCK_BOOTTIME for measuring time, if
this clock is available.

The difference between CLOCK_BOOTTIME and CLOCK_MONOTONIC is that
CLOCK_MONOTONIC stops when the machine is sleeping.

The Linux kernel uses CLOCK_BOOTTIME for measuring things like SA expiry times.
We should do likewise, so we don't get a different view than the kernel and
our peers of when exactly our SAs expire when the machine gets suspended and
then resumed.

>How-To-Repeat:

>Fix:
The three patches are available at:
https://gist.github.com/maciejsszmigiero/47e200b64335e90ef275440988b89a12
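
The clock selection described for the third patch can be sketched as follows. This is an added example, not code from the submitted patches or from racoon; sa_now(), sa_clock_id and sa_expired() are hypothetical names. It prefers CLOCK_BOOTTIME when the headers define it and the running kernel accepts it, and otherwise falls back to CLOCK_MONOTONIC.

```c
/* Added example; sa_now(), sa_clock_id, sa_expired() are hypothetical names. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <time.h>

/* Clock actually in use; switched to CLOCK_BOOTTIME by the first probe. */
static clockid_t sa_clock_id = CLOCK_MONOTONIC;
static int sa_clock_probed = 0;

/* Return 0 and fill *ts, or -1 with errno set. */
int sa_now(struct timespec *ts)
{
#ifdef CLOCK_BOOTTIME
    if (!sa_clock_probed) {
        /* Headers may define CLOCK_BOOTTIME while the running kernel
         * rejects it, so probe once at run time and remember the result. */
        sa_clock_probed = 1;
        if (clock_gettime(CLOCK_BOOTTIME, ts) == 0) {
            sa_clock_id = CLOCK_BOOTTIME;
            return 0;
        }
    }
#endif
    return clock_gettime(sa_clock_id, ts);
}

/* 1 if an SA created at 'created' with 'lifetime' seconds has expired
 * at 'now', 0 otherwise. Both stamps must come from sa_now(). */
int sa_expired(const struct timespec *created, time_t lifetime,
               const struct timespec *now)
{
    time_t elapsed = now->tv_sec - created->tv_sec;
    if (now->tv_nsec < created->tv_nsec)
        elapsed -= 1;               /* borrow from the seconds field */
    return elapsed >= lifetime;
}

int main(void)
{
    struct timespec t;
    if (sa_now(&t) != 0) {
        perror("clock_gettime");
        return 1;
    }
    printf("clock id %d: %lld s\n", (int)sa_clock_id, (long long)t.tv_sec);
    return 0;
}
```

Creation stamps and expiry checks must use the same clock, which is why the choice is made once and cached instead of being re-evaluated per call.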


